package com.erp.erp_auth_server.config;

import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

import java.util.UUID;

/**
 * 配置Oauth相关内容
 */
@Configuration
public class OAuth2Config {
    /**
     * 配置客户端信息
     */
    @Bean
    RegisteredClientRepository registeredClientRepository(){


        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("123")
                .clientSecret("123456")
                .clientAuthenticationMethods(s -> {
                    s.add(ClientAuthenticationMethod.CLIENT_SECRET_POST);
                    s.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
                })
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .redirectUri("http://127.0.0.1/callback")
//                .scope("read")
//                .scope("write")
                .scope("user_info").build();

//        RegisteredClient registeredClient2 =
//                RegisteredClient.withId("erp2")
//                        .clientId("1234")
//                        .clientSecret("1234567")
//                        .redirectUri("http://127.0.0.1/callback")
//                        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
//                        .scope("user_info")
//                        .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    /**
     * 修改oauth的默认配置
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authoSecurityFilterChain(HttpSecurity http) throws Exception {

        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.exceptionHandling(  exceptions -> exceptions.
                        authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
        ).oauth2Login().authorizationEndpoint().baseUri("/oauth/authorize")
        ;
        return http.build();
    }

    /**
     *配置授权服务器相关信息
     * @return
     */
    @Bean
    ProviderSettings providerSettings(){
        return  ProviderSettings.builder().issuer("http://localhost:8082").build();
    }

}
